Implement a base security infrastructure with code that sets up a security descriptor for the service that we are going to connect through. Such a service is based upon a desktop and a window station. === DOCUMENTATION REMARKS === The authenticated user, represented by an access token that describes its security context, is the main holder and has full control over the default desktop and window station objects created in USER. The authenticated user in question is the actual logged-in user; this is the case when the server is impersonating a client. Administrators, on the other hand, have some share of access to the default desktop, but their access to the default window station is extremely limited: admins can only enumerate the available and valid handle stations within a desktop.
/*
* PROJECT: ReactOS Win32k subsystem
* LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
* PURPOSE: Security infrastructure of NTUSER component of Win32k
* COPYRIGHT: Copyright 2022 George Bișoc <george.bisoc@reactos.org>
*/
#pragma once

//
// USER objects security rights
//
// The masks below group the object-specific desktop and window station
// rights by the generic right they correspond to (read / write / execute /
// all).  They follow the generic-right mapping the Win32 documentation
// gives for these two object types.  NOTE(review): presumably they are
// consumed by IntCreateServiceSecurity() below when the DACL of the
// service descriptor is built -- confirm against the definition.
//
// Security remark: every *_ALL_ACCESS mask starts from
// STANDARD_RIGHTS_REQUIRED, which includes WRITE_DAC and WRITE_OWNER, i.e.
// the ability to rewrite the object's own security.  Those masks are
// meant for the object owner (the authenticated user); do not hand them
// to less-trusted principals.
//

/* Desktop access rights */

/* GENERIC_READ equivalent: enumerate the desktop and read its objects. */
#define DESKTOP_READ (STANDARD_RIGHTS_READ | \
DESKTOP_ENUMERATE | \
DESKTOP_READOBJECTS)

/* GENERIC_WRITE equivalent.  HOOKCONTROL, JOURNALRECORD and
 * JOURNALPLAYBACK are the rights that let a holder observe or synthesize
 * input on the desktop, so this set effectively grants control over the
 * interactive session of whoever uses that desktop. */
#define DESKTOP_WRITE (STANDARD_RIGHTS_WRITE | \
DESKTOP_CREATEMENU | \
DESKTOP_CREATEWINDOW | \
DESKTOP_HOOKCONTROL | \
DESKTOP_JOURNALPLAYBACK | \
DESKTOP_JOURNALRECORD | \
DESKTOP_WRITEOBJECTS)

/* GENERIC_EXECUTE equivalent: only allows switching to the desktop. */
#define DESKTOP_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
DESKTOP_SWITCHDESKTOP)

/* GENERIC_ALL equivalent: every desktop-specific right plus the required
 * standard rights (DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER). */
#define DESKTOP_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
DESKTOP_CREATEMENU | \
DESKTOP_CREATEWINDOW | \
DESKTOP_ENUMERATE | \
DESKTOP_HOOKCONTROL | \
DESKTOP_JOURNALPLAYBACK | \
DESKTOP_JOURNALRECORD | \
DESKTOP_READOBJECTS | \
DESKTOP_SWITCHDESKTOP | \
DESKTOP_WRITEOBJECTS)

/* Window Station access rights */

/* GENERIC_READ equivalent.  READSCREEN is included here: a reader of the
 * window station can capture its screen contents. */
#define WINSTA_READ (STANDARD_RIGHTS_READ | \
WINSTA_ENUMDESKTOPS | \
WINSTA_ENUMERATE | \
WINSTA_READATTRIBUTES | \
WINSTA_READSCREEN)

/* GENERIC_WRITE equivalent: clipboard access, desktop creation and
 * attribute changes. */
#define WINSTA_WRITE (STANDARD_RIGHTS_WRITE | \
WINSTA_ACCESSCLIPBOARD | \
WINSTA_CREATEDESKTOP | \
WINSTA_WRITEATTRIBUTES)

/* GENERIC_EXECUTE equivalent: global atom access and ExitWindows. */
#define WINSTA_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
WINSTA_ACCESSGLOBALATOMS | \
WINSTA_EXITWINDOWS)

/* GENERIC_ALL equivalent for window stations.
 * NOTE(review): the name differs from the SDK's WINSTA_ALL_ACCESS (and
 * from DESKTOP_ALL_ACCESS above); the value is the same set of rights.
 * Presumably the different spelling avoids a redefinition clash with the
 * public header -- confirm before renaming. */
#define WINSTA_ACCESS_ALL (STANDARD_RIGHTS_REQUIRED | \
WINSTA_ACCESSCLIPBOARD | \
WINSTA_ACCESSGLOBALATOMS | \
WINSTA_CREATEDESKTOP | \
WINSTA_ENUMDESKTOPS | \
WINSTA_ENUMERATE | \
WINSTA_EXITWINDOWS | \
WINSTA_READATTRIBUTES | \
WINSTA_READSCREEN | \
WINSTA_WRITEATTRIBUTES)

//
// Function prototypes
//

/**
 * Captures the access token of the current security context and returns
 * a handle to it.
 *
 * NOTE(review): whether this is the thread's impersonation token or the
 * process primary token, and who is responsible for closing the returned
 * handle (and what is returned on failure), is not visible from this
 * header -- confirm against the definition before relying on it.
 */
HANDLE
IntCaptureCurrentAccessToken(VOID);

/**
 * Allocates a buffer of Length bytes intended for security data (SIDs,
 * token information, descriptors).
 *
 * @param Length  Size of the buffer in bytes.
 * @return        The buffer, or presumably NULL on allocation failure
 *                (confirm).  Release it with IntFreeSecurityBuffer().
 */
PVOID
IntAllocateSecurityBuffer(
_In_ SIZE_T Length);

/**
 * Releases a buffer previously returned by IntAllocateSecurityBuffer().
 *
 * @param Buffer  The buffer to free.
 */
VOID
IntFreeSecurityBuffer(
_In_ PVOID Buffer);

/**
 * Queries the user identification (TOKEN_USER, i.e. the user SID) of the
 * current security context.
 *
 * @param User  On success receives the TOKEN_USER structure.  The caller
 *              owns it; presumably it is released with
 *              IntFreeSecurityBuffer() -- confirm against the definition.
 * @return      An NTSTATUS code.
 */
NTSTATUS
IntQueryUserSecurityIdentification(
_Out_ PTOKEN_USER *User);

/**
 * Builds the security descriptor applied to the USER service objects
 * (the default desktop and window station) for the connecting client.
 *
 * @param ServiceSd  On success receives the created descriptor.
 *                   NOTE(review): ownership and how the descriptor is
 *                   released are not stated here -- confirm.
 * @return           An NTSTATUS code.
 */
NTSTATUS
NTAPI
IntCreateServiceSecurity(
_Out_ PSECURITY_DESCRIPTOR *ServiceSd);

/* EOF */